101 lines
6.9 KiB
HTML
101 lines
6.9 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
|
<!DOCTYPE html
|
||
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
|
<html lang="en-us" xml:lang="en-us">
|
||
|
|
<head>
|
||
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
|
<meta name="security" content="public" />
|
||
|
|
<meta name="Robots" content="index,follow" />
|
||
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
|
<meta name="DC.Type" content="task" />
|
||
|
|
<meta name="DC.Title" content="Create and operate a Local CA" />
|
||
|
|
<meta name="DC.Relation" scheme="URI" content="rzahudcmpublicaccessscen.htm" />
|
||
|
|
<meta name="DC.Relation" scheme="URI" content="rzahustep2configurethehumanresourceshttpservertousessl.htm" />
|
||
|
|
<meta name="DC.Relation" scheme="URI" content="rzahustep4configureclientauthenticationforhumanresourceswebserver.htm" />
|
||
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2000, 2006" />
|
||
|
|
<meta name="DC.Format" content="XHTML" />
|
||
|
|
<meta name="DC.Identifier" content="rzahustep3createandoperatealocalca" />
|
||
|
|
<meta name="DC.Language" content="en-us" />
|
||
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
|
<!-- US Government Users Restricted Rights -->
|
||
|
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
|
<title>Create and operate a Local CA</title>
|
||
|
|
</head>
|
||
|
|
<body id="rzahustep3createandoperatealocalca"><a name="rzahustep3createandoperatealocalca"><!-- --></a>
|
||
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
|
<h1 class="topictitle1">Create and operate a Local CA</h1>
|
||
|
|
<div><div class="section"><p>After you configure the human resources HTTP Server to use Secure
|
||
|
|
Sockets Layer (SSL), you must configure a certificate for the server to use
|
||
|
|
to initiate SSL. Based on the objectives for this scenario, you have chosen
|
||
|
|
to create and operate a Local Certificate Authority (CA) to issue a certificate
|
||
|
|
to the server. </p>
|
||
|
|
<p>When you use Digital Certificate Manager (DCM) to create
|
||
|
|
a Local CA, you are guided through a process that ensures that you configure
|
||
|
|
everything that you need to enable SSL for your application. This includes
|
||
|
|
assigning the certificate that the Local CA issues to your Web server application.
|
||
|
|
Also, you add the Local CA to the Web server application's CA trust list.
|
||
|
|
Having the Local CA in the application's trust list ensures that the application
|
||
|
|
can recognize and authenticate users that present certificates that the Local
|
||
|
|
CA issues.</p>
|
||
|
|
<p>To use Digital Certificate Manager (DCM) to create and operate
|
||
|
|
a Local CA and issue a certificate to your human resources server application,
|
||
|
|
complete these steps:</p>
|
||
|
|
</div>
|
||
|
|
<ol><li class="stepexpand"><span><a href="rzahurzahu66adcmstart.htm#rzahu66a-dcm_start">Start
|
||
|
|
DCM</a>.</span></li>
|
||
|
|
<li class="stepexpand"><span>In the navigation frame of DCM, select <span class="uicontrol">Create a Certificate
|
||
|
|
Authority (CA)</span> to display a series of forms.</span> These
|
||
|
|
forms guide you through the process of creating a Local CA and completing
|
||
|
|
other tasks needed to begin using digital certificates for SSL, object signing,
|
||
|
|
and signature verification. <div class="note"><span class="notetitle">Note:</span> If you have questions about how to complete
|
||
|
|
a specific form in this guided task, select the question mark (<span class="uicontrol">?</span>)
|
||
|
|
button at the top of the page to access the online help. </div>
|
||
|
|
</li>
|
||
|
|
<li class="stepexpand"><span>Complete the forms for this guided task. In using these forms to
|
||
|
|
perform all the tasks that you need to set up a working Local Certificate
|
||
|
|
Authority (CA), you perform the following steps: </span><ol type="a"><li class="substepexpand"><span>Provide identifying information for the Local CA. </span></li>
|
||
|
|
<li class="substepexpand"><span>Install the Local CA certificate on your PC or in your browser
|
||
|
|
so that your software can recognize the Local CA and validate certificates
|
||
|
|
that the Local CA issues. </span></li>
|
||
|
|
<li class="substepexpand"><span>Choose the policy data for your Local CA. </span> <div class="note"><span class="notetitle">Note:</span> Be
|
||
|
|
sure to select that the Local CA can issue user certificates.</div>
|
||
|
|
</li>
|
||
|
|
<li class="substepexpand"><span>Use the new Local CA to issue a server or client certificate
|
||
|
|
that your applications can use for SSL connections. </span></li>
|
||
|
|
<li class="substepexpand"><span>Select the applications that can use the server or client certificate
|
||
|
|
for SSL connections. </span> <div class="note"><span class="notetitle">Note:</span> Be sure to select the application
|
||
|
|
ID for your human resources HTTP Server.</div>
|
||
|
|
</li>
|
||
|
|
<li class="substepexpand"><span>Use the new Local CA to issue an object signing certificate
|
||
|
|
that applications can use to digitally sign objects.</span> This subtask
|
||
|
|
creates the *OBJECTSIGNING certificate store; this is the certificate store
|
||
|
|
that you use to manage object signing certificates. <div class="note"><span class="notetitle">Note:</span> Although this scenario
|
||
|
|
does not use object signing certificates, be sure to complete this step. If
|
||
|
|
you cancel at this point in the task, the task ends and you must perform separate
|
||
|
|
tasks to complete your SSL certificate configuration.</div>
|
||
|
|
</li>
|
||
|
|
<li class="substepexpand"><span>Select the applications that will trust the Local CA. </span> <div class="note"><span class="notetitle">Note:</span> Be sure to select the application ID for your human resources
|
||
|
|
HTTP Server, for example, <samp class="codeph">QIBM_HTTP_SERVER_MYCOTEST</samp>, as one
|
||
|
|
of the applications that trusts the Local CA. </div>
|
||
|
|
</li>
|
||
|
|
</ol>
|
||
|
|
</li>
|
||
|
|
</ol>
|
||
|
|
<div class="section"><p>When you complete the certificate configuration that your Web server
|
||
|
|
application requires to use SSL, you can configure the Web server to require
|
||
|
|
certificates for user authentication.</p>
|
||
|
|
</div>
|
||
|
|
</div>
|
||
|
|
<div>
|
||
|
|
<div class="familylinks">
|
||
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahudcmpublicaccessscen.htm" title="In this scenario, you to learn how to use certificates as an authentication mechanism to protect and restrict which resources and applications that internal users can access on your internal servers.">Scenario: Use certificates for internal authentication</a></div>
|
||
|
|
<div class="previouslink"><strong>Previous topic:</strong> <a href="rzahustep2configurethehumanresourceshttpservertousessl.htm">Configure the human resources HTTP Server to use SSL</a></div>
|
||
|
|
<div class="nextlink"><strong>Next topic:</strong> <a href="rzahustep4configureclientauthenticationforhumanresourceswebserver.htm">Configure client authentication for human resources Web server</a></div>
|
||
|
|
</div>
|
||
|
|
</div>
|
||
|
|
</body>
|
||
|
|
</html>
|